Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

Vulnerability

A remote code execution vulnerability has been identified in Arista NG Firewall. The issue arises from improper validation of user-supplied data in the User-Agent HTTP header, allowing for the injection of arbitrary scripts. Exploitation of this vulnerability requires minimal user interaction and enables attackers to execute code with root privileges on the affected system.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system, with the executed code running in the context of the root user.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.3

impact

7.5

exploitability

6.0

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Arista NG Firewall User-Agent Cross-Site Scripting Remote Code Execution Vulnerability

Vulnerability

Impact

Affected Products

Arista NG Firewall

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating